Selected viruses, spyware, and other threats: sorted alphabetically
Short descriptionWin32/Agent.NAH is a file infector.
InstallationWhen executed, the virus creates the following folder:
The following files are dropped in the same folder:
- %system_drive%\Documents and Settings\All Users\Application
The following file is dropped into the %windir% folder:
- msdirect.dll (77 824 B)
- msdirect.exe (172 544 B)
- mskernel.sys (6272 B)
The following files are dropped into the current folder:
- flower.jpg (112624 B)
The virus registers itself as a system service using the following name:
The virus loads and injects the msdirect.dll library into the following processes:
Executable files infectionThe virus searches for executables with one of the following extensions:
Files are infected by adding a new section that contains the virus . The host file is modified in a way that causes the virus to be executed prior to running the original code. Size of the code inserted is 240 KB .
Information stealingThe virus is able to log keystrokes. The data is saved in the following file:
The virus can send the information to a remote machine. The SMTP protocol is used.
Other informationThe virus creates the following files:
- app log.log